Eight steps to automated GRC success
Date: Jul 18, 2016
Fuelled by the requirement to manage risk and minimise the threat of non-compliance, the range of GRC technologies and services is expanding rapidly. However, many of the solutions offer enterprise-level sophistication, entailing complex implementations that can become long and costly.
Evidence of this market's growing maturity is last year's announcement that Gartner has reset its approach to analyst coverage of GRC technologies and is developing additional coverage of targeted GRC topics and new Magic Quadrants.
These enterprise-level solutions are often a gigantic leap for the many organisations currently relying on spreadsheets and manual questionnaires.
This is where some of the agile new entrants to the GRC market, such as 3GRC, are finding success with hosted portals that are easy to set up and use and provide immediate benefits. GRC portals simplify, standardise and automate the capture of risks and the creation of centrally managed risk registers. Online GRC tools should also provide collaboration features, including recommendations, responses and control completion dates.
As such, these ‘entry-level’ online services meet the three basic requirements of any GRC solution, namely an Automated Risk Register, Customisable Surveys and Cloud Collaboration Tools.
Whether the organisation decides to move directly to an all-encompassing GRC solution, or moves quickly to an online service with immediate benefits, the following eight steps should be considered:
1. Set clear objectives and document all requirements
2. Simplify the process – don’t be tempted to over-engineer
3. Define core data so that all assurance groups are supported
4. Involve all end users in the configuration and implementation process
5. Test. Test. And test again.
6. Document and communicate the new process with all stakeholders
7. Fully train and support users with the new GRC solution
8. Lead by example – all assurance teams must use the solution on a daily basis
One of the biggest challenges in successfully moving from time-consuming manual spreadsheets and questionnaires to working directly in a GRC portal is that, at first glance, users may resist the change, viewing the new technology as restrictive and complicated. Training, reiterating the expected benefits of the technology and showing that it will make everyone’s life easier in the long run should help the organisation overcome this potential pitfall.
Senior management also plays a pivotal role, as only full management buy-in will ensure that GRC is a proactive activity, not just form filling completed after the event.
Infosec Cloud has recently partnered with 3GRC to offer a hosted third-party risk management portal to UK organisations of all sizes.
3GRC is a leading global provider of third-party risk and compliance services. Our Risk Management portal, combined with our expert GRC services, helps our customers enhance transparency, reduce risk and improve operational efficiency. Our customers span the globe and cover a wide range of industries, including Finance, Banking, Insurance, Media, Retail and Legal. Privately funded and founded on a heritage of 60 years’ experience in the competitive and highly risk-averse information security sector, 3GRC employs experts covering the EMEA, Asia Pacific and North American regions.